Regulating Cross-Border Data Flows in a Data-Driven World
Identifier first line
•Second line
Professor Andrew D [email protected]
Different legal and regulatory disciplines relevant to different aspects of regulating data flows
• Data Protection Law, IP Law, Tax Law, Constitutional Law, Consumer Protection Law, Cyber Laws, Public International Law and Trade Law
Different Stakeholders Involved in Data Regulation
• Governments: Regulate in ‘Public Interest’
• Private Sector: Providing and Maintaining Infrastructure for Data Flows; Innovating and adopting technologies
• Internet Multistakeholder Community: Engineering and Policy Issues
2
Complex Policy & Legal Landscape of Data Regulation
Key questions:
• What aspects of regulating data flows are trade-related?
• How can WTO agreements respond to these regulatory concerns? What kind of provisions are required to address these concerns?
Key message:
• More well-balanced and comprehensive approach for enabling free and secure flows of data required in WTO disciplines that adapts to the global governance context for data governance
• Recent FTA disciplines (USMCA, CPTPP) are helpful benchmarks; but, WTO rules need to be tailored for the multilateral environment
3
Overview of Presentation
• Importance of Cross-Border Data Flows in Digital Innovation and Economic Growth; also, critical for managing social problems (eg, Big Data in developing countries)
• Data Protection and Cybersecurity Concerns; Protecting Consumer Interests
• National Security Concerns (e.g. cyber-attacks on critical infrastructure)
• Regulatory Access to Data for Law Enforcement
• Protecting Digital Rights of Users: Access to Internet, Access to Information and Privacy Rights
4
A Variety of Regulatory and Policy Concerns Relevant to Data Flows
Digital Industrial Policy Narrative
• Tariff losses: need for a digital tax
• American-dominated data monopolies
• Boosting domestic digital Sector to promote development and digital inclusion
Cyber-Sovereignty
• Sovereign control over domestic information flows
• Data as a strategic resource
• Maintaining public order
5
A Variety of Regulatory and Policy Concerns Relevant to Data Flows
Data for:
• Digital Delivery of services
• Tracking goods
• Trade facilitation
Data for:
• Sending and receiving information
• Services delivery
Data for:
• Managing processes of production
• Instructing robotics (co-bots)
• Human Resources
• Back-office
Data for:
• New designs (R&D)
• Personalised services
• Collaborative processes
Design Produce
DeliverUse
6
The digital thread of modern manufacturing activities
Source: OECD (2019)
7
Growing Number of Data Regulations
No regulationEx-post
accountability
Flow conditional
on safeguards
Flow conditional on ad-hoc
authorisation
8
How Are Countries Regulating Data?
Source: OECD (2019)
• GATS exceptions only provide policy space to regulate but does not ensure that all Members adopt a basic framework for digital trade transactions; but:
• Ensuring data privacy and security are preconditions for cross-border data flows
• Basic regulations on ensuring business and consumer trust important to instil digital trust
9
Certain Aspects of Data Regulation Are Related to Intl Trade Law
Digital trust is the foundation of a digital trade framework
• Consumer-related privacy concerns, preserving rights of consumers, spam etc.
• Business trust: adequate protection of their IP, facilitating digital innovation, business certainty; adoption of best practices
Interoperability and transparency of regulations essential for data flows
• Need for accountability
• Alternative to regulatory harmonisation, building on GATS art VII
• Preventing ambiguous and opaque data laws and regulations
Experimenting with new regulatory approaches required to respond to unique challenges of a data-driven economy
• Unique multifaceted, complex nature of data challenges
• Moving towards co-regulatory approaches?
10
Foundations of a Digital Trade Regime for Data Flows
• FTAs as Benchmarks: Not always suited to the multilateral context
– Development-related concerns
– Diversity of ideologies and legal/regulatory frameworks ; Low levels of global digital trust
– Low acceptance of risk-based approaches at multilateral level
• Standard-setting on data-related issues outside the scope of WTO law
• WTO is not isolated from global data governance processes
11
Legal Framework for Data Flows at the WTO
• Horizontal obligation on cross-border data flows and prohibition on data localisation with flexible and clear exceptions; but complemented by:
• Obligation on Members to adopt data protection frameworks; promote mutual recognition of privacy laws
• Enabling International Cooperation on Cybersecurity Issues; Adopting International Standards and Best Practices in Internet Security
• Integrating Online Consumer Protection Issues Holistically to Trade Laws
• Enabling Digital Innovation and Promoting Digital Trust: TBT-like disciplines, role of multistakeholder standards in WTO law
• Special and Differentiated Treatment for DCs/LDCs; Mandatory Technical Assistance Programmes.
12
Legal Framework for Data Flows at the WTO
• Ambitious programme for incorporating data-related provisions at the WTO: Balance different policy concerns given varying level of cyber risks and development-related concerns
• Increased participation and political good-will of WTO Members: Joint Statement Initiative is a starting point
• Cross-institutional engagement necessary for developing a balanced framework for data flows
13
Conclusion
Thank you!